views:

271

answers:

2

I'm getting an InvalidAuthenticityToken despite adding in corresponding authenticity tokens in the jquery response. Is there an error in the code, or is there another, root problem? I appreciate any comments. Thanks!

Using: Rails 2.3.3, Ruby 1.8.6, Webrick, JQuery 1.3.2

layout/networks.html.haml

= token_tag
= javascript_tag "window.AUTH_TOKEN = '#{form_authenticity_token}';"

javascripts/application.js

$(document).ready(function() {

    // All non-GET requests will add the authenticity token
    // if not already present in the data packet
    $(document).ajaxSend(function(event, request, settings) {
       if (typeof(window.AUTH_TOKEN) == "undefined") return;
       // <acronym title="Internet Explorer 6">IE6</acronym> fix for http://dev.jquery.com/ticket/3155
       if (settings.type == 'GET' || settings.type == 'get') return;

       settings.data = settings.data || "";
       settings.data += (settings.data ? "&" : "") + "authenticity_token=" + encodeURIComponent(window.AUTH_TOKEN);
     });

  ajaxLinks();
});

The rendered html has:

<input name="authenticity_token" type="hidden" value="ZaXj3ACQl+8JKtaDAUoxtSsqzEagSPyHbS25ai9qWCw=" />
<script type="text/javascript">
//<![CDATA[
window.AUTH_TOKEN = 'ZaXj3ACQl+8JKtaDAUoxtSsqzEagSPyHbS25ai9qWCw=';
//]]>
</script>

and breakpointing through, shows that window.AUTH_TOKEN has been set. Any help to resolve this would be great.

A: 

My main guess is that you are facing a caching problem... request the page from 2 different clients and check whether there is a match in both authentication keys...

khelll
I'm stuck with a single computer at the moment, so I'm just going to have to use another browser. I tried it in Chrome and it works! Strange, since I cleared my cache/cookies in FireFox. Is this different behavior based on the browsers or the browser cache? Also, can you clear the cache of webrick? Thanks!
Can you try the same form with Chrome again? If the error appeared again then you need to revise the server caching, if not then you may need to check why your browser is caching. Also check the log on the console, is ir rendering the form or does it load it?
khelll
I'm not sure what you mean same form, but Chrome still doesn't show the error and does execute the js. The log on the console shows that it is processing NetworksController#destroy, and then rendering networks/destroy for Chrome. For FF, the log says that it is processing NetworksController#destroy, and then meeting the InvalidAuthenticityToken Error and no render after that.
A: 

So after all this debugging, I've run into the same issue on both Chrome and Firefox, so the root cause is not the browsers. One potential issue might be that a new key is generated on an form submission, and is not being updated correctly via ajax call. If someone knows a fix for this or has a working JQuery project that has working auth for GET/POST/PUT/DESTROY, that would be great (even tutorials don't work for me - but that might be due to an old versions of jquery/rails).